From: John Starta (john.startaTRIPLESTICKS.COM)
Date: Mon Aug 06 2001 - 01:11:29 CDT

    Any Cisco 600 series of DSL router that has not been patched per the
    December 2000 Cisco Security Advisory
    (http://www.cisco.com/warp/public/707/CBOS-multiple.shtml) will stop
    forwarding traffic when scanned by a system infected by the "Code Red"
    worm. The power must be cycled to restore normal service. Cisco offers free
    software upgrades to all affected customers of the vulnerability described
    in the above advisory.

    jas

    At 10:43 PM 8/5/01 -0400, Geo. wrote:
    >All day I've had customers calling with Cisco 678 routers running CBOS 2.4.2
    >with the web interface disabled. Seems their routers have been crashing.
    >
    >We traced this back to the Code Red worm. For some reason even with web
    >disabled on these routers port 80 remains open. Simply running a port scan
    >and cutting off the connection is enough to crash the router. Locks up
    >solid.
    >
    >I also found a solution, by doing a
    >
    >set web remote ipaddress
    >
    >where ipaddress is one of their internal IPs you can prevent outside
    >addresses from being able to crash the router.
    >
    >Just a heads up guys, if you are seeing 678's crashing, give it a try, it's
    >working here.
    >
    >Geo.
